CLAIMS 

Claim 1: A method and apparatus to secure online transactions on the Internet 
comprising: 

- a smart card transmitting an identification sequence to a PC in the form of a 
5 modulated signal, 

- a card reader plugged into the microphone input of the PC sound card, 

- a PC applet demodulating the identification sequence, 

and characterized by the absence of processing means within the card reader. 

Claim 2: A method as in claim 1, wherein the identification sequence 
1 0 comprises at least a unique card number and a random number valid only once. 

Claim 3: A method as in claim 2, wherein the random number is a session key 
(Ki) which is not transmitted to the authentication server. 

Claim 4: A method as in claim 3, wherein the session key (Ki) is a function of 
the previous one (Ki-1) emitted by the card such as: Ki = G(Ki-l), G is a one-way 
1 5 function also known by the authentication server. 

Claim 5: A method as in claim 4, wherein the session key (Ki) is used by the 
PC applet to generate a message authentication code (MAC) of the password entered 
by the user; said first MAC is transmitted to the authentication server along with the 
card number. 

20 Claim 6: A method as in claim 5, wherein the authentication server generates 

a second MAC of the password stored in the authentication server database, using a 
session key deduced from the previous one (Ki-1) also stored in the database. 

Claim 7: A method as in claim 6, wherein the authentication is valid only if 
said first and second MAC are identical; if this is the case, the authentication server 
25 replaces (Ki-1) by (Ki) in the database and (Ki) cannot be reused. 

Claim 8: An apparatus as in claim 1, wherein the smart card is powered by the 
voltage provided by the microphone input of the PC sound card. 

Claim 9: An apparatus as in claim 8, wherein the smart card transmits the 
modulated signal when the switch of the card reader is pressed by the user. 
30 Claim 10: An apparatus as in claim 9, wherein the smart card transmits the 

modulated signal to the microphone input through the ISO contact C6. 
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Claim 1 1 : An apparatus as in claim 10, wherein the smart card transmits the 
modulated signal when the ISO contact C2 is pulled down. 

Claim 12: An apparatus as in claim 1 1 , wherein the smart card is powered 
through the ISO contacts C4 and C8. 
5 Claim 13: An apparatus as in claim 1, wherein the card reader further 

comprises a battery cell powering the card; said reader is alternatively plugged into 
the line input of the PC sound card. 

Claim 14: An apparatus as in claim 1, wherein the card reader fttrther 
comprises a microphone capsule. 
10 Claim 15: An apparatus as in claim 1, wherein the card reader is further 

integrated into the PC unit or display. 
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